Wednesday, June 28, 2017

Exchange 2016 or Office 365 Shared Mailbox Not Updating

Today I was addressing an interesting issue for a customer where a user's shared mailbox would not update automatically.  Their primary mailbox updated correctly; only the shared mailbox did not.

All other shared mailboxes for other users worked correctly.

All users are running Outlook 2013 32-bit with all the latest patches at the time of this writing.

When a user navigates to the shared mailbox and clicks Send/Receive All Folders or Update Folder, it will not update.


The only way the user can update the shared mailbox is by closing and reopening Microsoft Outlook.

All other users in the environment do not have issues with shared mailboxes.

After doing some research, it appears to be an issue with Microsoft Outlook when dealing with shared mailboxes over 2GB in size.  The shared mailbox having the issue was indeed over 2GB in size.

There are numerous forum threads on the Internet with people experiencing this Outlook issue.

This issue only occurs when shared mailboxes are being cached locally.

As a workaround, simply prevent the shared mailboxes from being cached locally by disabling "Download shared folders" on the user's Outlook profile.  This is a confirmed workaround to the issue.

Security Vulnerability in Azure AD Connect

If you have recently upgraded your DirSync synchronization tool to Azure AD Connect to get your contacts up to Office 365, you will need to do it again.

An exploit in the new Microsoft cloud synchronization tool has just been discovered which allows elevation of permissions.  This exploit allows an attacker to reset the password to an on-premises Active Directory account and gain privileged access such as Domain Admin over a company's domain.

The exploit is in the password writeback component of Azure AD Connect, which needs to be enabled for this exploit to work.

A write-up of this security vulnerability can be found here:

https://technet.microsoft.com/library/security/4033453.aspx?f=255&MSPPError=-2147217396
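
A detection-side check for the behaviour described above, as an added example that is not part of the original post or of Microsoft's advisory: it flags password resets made by the Azure AD Connect sync account against privileged on-premises accounts. The event field names, the CONTOSO accounts and the privileged list are constructed, and the MSOL_ prefix is assumed to be the default name of the sync account.

```powershell
# Added example, not from the original post. All sample data is constructed.
# Assumptions: events are Security log event 4724 ("An attempt was made to
# reset an account's password") exported from domain controllers into objects
# with the field names used below; the sync account has the default MSOL_ prefix.

function Find-ConnectorResetOfPrivilegedAccount {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [Parameter(Mandatory)] [string[]] $PrivilegedAccounts,
        [string] $ConnectorPattern = 'MSOL_*'
    )
    foreach ($e in $Events) {
        if ($e.EventId -ne 4724) { continue }          # password resets only
        $caller = ($e.SubjectUser -split '\\')[-1]     # drop the DOMAIN\ prefix
        $target = ($e.TargetUser -split '\\')[-1]
        # Writeback resets of ordinary users are expected; the signal is the
        # connector account resetting an account that holds admin rights.
        if ($caller -like $ConnectorPattern -and $PrivilegedAccounts -contains $target) {
            [pscustomobject]@{ Time = $e.TimeCreated; Caller = $caller; Target = $target }
        }
    }
}

# Constructed sample events (hypothetical domain and account names)
$sampleEvents = @(
    [pscustomobject]@{ EventId = 4724; TimeCreated = '2017-06-27 09:14:02'; SubjectUser = 'CONTOSO\MSOL_0a1b2c3d4e5f'; TargetUser = 'CONTOSO\jsmith' }
    [pscustomobject]@{ EventId = 4724; TimeCreated = '2017-06-27 09:20:41'; SubjectUser = 'CONTOSO\helpdesk1'; TargetUser = 'CONTOSO\da-admin' }
    [pscustomobject]@{ EventId = 4724; TimeCreated = '2017-06-27 23:51:17'; SubjectUser = 'CONTOSO\MSOL_0a1b2c3d4e5f'; TargetUser = 'CONTOSO\DA-Admin' }
    [pscustomobject]@{ EventId = 4723; TimeCreated = '2017-06-27 23:55:00'; SubjectUser = 'CONTOSO\MSOL_0a1b2c3d4e5f'; TargetUser = 'CONTOSO\da-admin' }
)

# Hypothetical list; in practice, the members of Domain Admins and similar groups
$privileged = @('da-admin', 'svc-backup')

Find-ConnectorResetOfPrivilegedAccount -Events $sampleEvents -PrivilegedAccounts $privileged |
    Format-Table -AutoSize
```

Only the third sample event is reported: the first is a routine writeback reset of an ordinary user, the second was made by a help desk account rather than the sync account, and the fourth is a password change (4723), not a reset.
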

Luckily most of my customers are still using DirSync and are not affected by this vulnerability.

For a comparison between DirSync and Azure AD Connect please see:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-hybrid-identity-design-considerations-tools-comparison

Sunday, June 18, 2017

For Each Line in Text File Do - Batch Script

Below is a simple batch script which takes each line of a text file and lets you use it in a script.  I have provided an example of this below.

I have needed FOR EACH, DO batch scripts numerous times over the years and it's always hard to find a good one on the Internet.

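@ECHO OFF
REM Read c:\computerlist.txt one line at a time. %%i holds the first
REM whitespace-delimited token of each line, here a computer name.
For /f %%i in (c:\computerlist.txt) do (
Echo ************************
Echo %%i
Echo ************************
REM Run the batch file on the remote computer. -h requests an elevated token.
REM -p puts the password on the command line; if -p is omitted, PsExec prompts for it.
psexec \\%%i -h -u domain\username -p password "\\domain\netlogon\mybatchscript.bat"
)
pause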

Very handy during day to day sysadmin tasks!